Automated manufacturing systems (particularly within the paradigm of so-called Industry 4.0) are complex and critical cyber-physical systems. They use robots (highly sophisticated systems themselves, with multiple complex embedded controllers), several types of industrial controllers, and are often interconnected with other computers in the factory network, safety systems, and to the Internet for remote monitoring and maintenance (through specific devices called industrial routers). In this talk we will discuss the potential attack surface and threat model of automated manufacturing systems. We will analyze specific vulnerability classes, ranging from robotic controller compromise to the security paradigm of domain-specific programming languages, and we will discuss the potential post-exploitation impacts, discussing how (remote) attackers would alter the manufactured product, physically damage the plant, steal industry secrets, or injure humans.
